With this document, Locanda Parsifal provides users of the website www.locandaparsifal.com with information regarding the data that is collected and tracked through the website and its subdomains, the purposes of this data collection, and the rights that users may exercise in relation to their personal data.
Data Controller
The data controller is:
Gusto Srl – Via Cremonese 28/a – 43126 Parma, Italy
PEC: gustosrlparma@legalmail.it
If users require more information than what is provided in this document, they may send an email to: info@locandaparsifal.com
Place of Processing
The data is processed at the premises of the facility located in Via Cremonese 28/a, Parma, Italy. For more information, you may contact the data controller at the address above.
Collected Information and Processed Data
The data controller, as identified above, processes the following data:
● Personal information (name, surname, date and place of birth, tax code, document number and expiry date, residence address) related to the user and/or their underage child, provided to complete and submit a booking request;
● Contact details (email address, residence address, phone number), IP address, as well as any additional information voluntarily provided by the data subject that may include special categories of data such as health-related information. This information may also be collected regarding third parties and/or minor children who will share the stay.
● Statistical data such as browser used, date and time of website visit, physical address of the device used to connect;
● Payment details, such as IBAN, credit/prepaid card (network, card number, expiry date, CVV, cardholder’s full name) to process the service payment.
By filling in the provided fields, the user consents to the processing of the data by the controller in order to fulfill their request.
Purpose and Legal Basis of Data Processing
The data controller processes the collected data in compliance with the principles of lawfulness, fairness, and transparency, in accordance with current legislation (Art. 13 EU Reg. 679/2016), using tools and organizational measures designed to minimize risks and ensure data security. Specifically, the user’s data is processed on the following legal bases:
- To respond to an information request submitted via the contact form, email, or other communication channels. In this case, data processing is optional and based on the freely given consent of the user. Without the required data, the controller cannot fulfill the request.
- To process a booking request made by the user via the website. In this case, data is processed to fulfill the accommodation service and any related services (e.g., Wi-Fi), or to take pre-contractual measures at the user’s request (Art. 6(1)(b) GDPR). Missing data may prevent the controller from fulfilling the request.
- To process special categories of data, such as health-related information, where necessary to fulfill contractual obligations. In such cases, data is processed based on the data subject’s informed and explicit consent, pursuant to Art. 9(2)(a) and (g) GDPR. Without consent, the request cannot be fulfilled.
- To improve website functionality through statistical analysis of traffic and user behavior. Here too, processing is optional and based on user consent.
- To fulfill fiscal and legal obligations in accordance with Art. 6(1)(c) GDPR.
- To protect the controller’s rights in the event of disputes and in any case of legitimate interest under Art. 6(1)(f) GDPR.
- To send soft-spam communications relating to services similar to those already booked by the data subject, provided by the controller, without the need for explicit consent, under Art. 130(4) of Legislative Decree 196/2003. The legal basis here is the legitimate interest of the controller (Art. 6(1)(f) GDPR). The user may withdraw consent or object to this processing at any time.
Data Retention Period
The data controller retains and processes the data only for the time strictly necessary to achieve each of the purposes listed in this document.
Specifically:
- Data collected to provide the accommodation service will be stored for the duration necessary to fulfill the service, and in any case for no longer than 10 (ten) years.
- Data collected based on freely given consent will be retained until the user withdraws their consent.
- Data collected for marketing purposes will be stored for a maximum of 24 months from the time consent was given.
- Data collected for profiling purposes will be stored for no more than 12 months.
- Data used for soft-spam communications will be stored and processed for up to 2 years from the last interaction between the user and the controller.
The data subject may request at any time that the processing be stopped or that their data be deleted, unless there are legitimate overriding reasons for the controller to retain it.
Data Recipients
In addition to the data controller, recipients may include individuals and/or legal entities acting on behalf of the controller under specific collaboration agreements (e.g., external collaborators, accountants, payment processors, hosting providers), billing service providers, IT service providers, Wi-Fi service providers, and public or private entities authorized by law (e.g., local police headquarters), only for the purposes outlined above.
Booking services are managed via a booking engine and channel manager owned by Zucchetti Hospitality Srl, part of the Zucchetti Group, through which customer and guest data is processed in the cloud. Here is their [Privacy Policy] (link to be inserted if required).
These parties may act as data processors.
The list of data processors can be requested at any time by writing to: info@locandaparsifal.com
No further dissemination of the provided data will take place.
Cookie Policy
This website uses cookies. To learn more, users can refer to our full Cookie Policy.
User Rights
If the data processing is based on consent, the user may withdraw such consent at any time, in addition to exercising the rights provided under Articles 7 and 15–22 of European Regulation 679/2016.
This free choice does not affect the lawfulness of processing carried out prior to the withdrawal.
To do so, simply write to: info@locandaparsifal.com
By doing so, the user’s data will no longer be processed, unless another legal basis exists apart from freely given consent (such as compliance with a legal obligation).
Additionally, if the user has any doubts and wishes to confirm whether or not their personal data is being processed (and, if so, access the data), they may request access and obtain the following information:
● the purposes of the processing;
● the categories of personal data concerned;
● the recipients or categories of recipients to whom the data has been or will be disclosed, in particular if recipients are in third countries or international organizations;
● the retention period of the data, or the criteria used to determine that period;
● the existence of the right to request rectification, erasure, restriction of processing, or to object to processing;
● the right to lodge a complaint with the supervisory authority (www.garanteprivacy.it);
● where the data was not collected directly from the user, all available information about its source;
● the existence of automated decision-making, including profiling as referred to in Article 22, paragraphs 1 and 4 of the GDPR, and, in such cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
In addition to requesting correction or rectification of their data, the user may object to the processing, including requesting its restriction.
Among the user’s rights is also the right to request and obtain the erasure of their personal data.
The user may also request data portability, thereby receiving their data in a structured, commonly used, and machine-readable format.
If the user believes their data is not being processed in accordance with applicable law, they may write to the data controller, without prejudice to their right to lodge a complaint with the competent supervisory authority (Italian Data Protection Authority – www.garanteprivacy.it).
Existence of Automated Decision-Making
The data controller does not carry out any automated decision-making process as referred to in Article 22 of the GDPR (EU Regulation 679/2016).
Last updated: May 20, 2025